CVE-2022-3752
CVSS V2 None
CVSS V3 None
Description
An unauthorized user could use a specially crafted sequence of Ethernet/IP messages, combined with heavy traffic loading to cause a denial-of-service condition in Rockwell Automation Logix controllers resulting in a major non-recoverable fault. If the target device becomes unavailable, a user would have to clear the fault and redownload the user project file to bring the device back online and continue normal operation.
Overview
- CVE ID
- CVE-2022-3752
- Assigner
- PSIRT@rockwellautomation.com
- Vulnerability Status
- Analyzed
- Published Version
- 2022-12-19T23:15:10
- Last Modified Date
- 2022-12-27T18:59:02
Weakness Enumerations
CPE Configuration (Product)
CPE | Vulnerable | Operator | Version Start | Version End |
---|---|---|---|---|
AND | ||||
cpe:2.3:o:rockwellautomation:compactlogix_5480_firmware:*:*:*:*:*:*:*:* | 1 | OR | 32.011 | |
cpe:2.3:h:rockwellautomation:compactlogix_5480:-:*:*:*:*:*:*:* | 0 | OR | ||
AND | ||||
cpe:2.3:o:rockwellautomation:compactlogix_5580_firmware:*:*:*:*:*:*:*:* | 1 | OR | 31.011 | |
cpe:2.3:h:rockwellautomation:compactlogix_5580:-:*:*:*:*:*:*:* | 0 | OR | ||
AND | ||||
cpe:2.3:o:rockwellautomation:guardlogix_5580_firmware:*:*:*:*:*:*:*:* | 1 | OR | 32.011 | |
cpe:2.3:h:rockwellautomation:guardlogix_5580:-:*:*:*:*:*:*:* | 0 | OR | ||
AND | ||||
cpe:2.3:o:rockwellautomation:compact_guardlogix_5380_firmware:*:*:*:*:*:*:*:* | 1 | OR | 31.011 | |
cpe:2.3:h:rockwellautomation:compact_guardlogix_5380:-:*:*:*:*:*:*:* | 0 | OR | ||
AND | ||||
cpe:2.3:o:rockwellautomation:compactlogix_5380_firmware:*:*:*:*:*:*:*:* | 1 | OR | 31.011 | |
cpe:2.3:h:rockwellautomation:compactlogix_5380:-:*:*:*:*:*:*:* | 0 | OR |
References
Reference URL | Reference Tags |
---|---|
https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1137664 |
Sources
Source Name | Source URL |
---|---|
NIST | https://nvd.nist.gov/vuln/detail/CVE-2022-3752 |
MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3752 |
History
Created | Old Value | New Value | Data Type | Notes |
---|---|---|---|---|
2022-12-20 01:15:06 | Added to TrackCVE | |||
2022-12-20 03:15:27 | 2022-12-19T23:15:10.660 | 2022-12-19T23:15:10 | CVE Published Date | updated |
2022-12-20 03:15:28 | 2022-12-20T02:47:33 | CVE Modified Date | updated | |
2022-12-20 03:15:28 | Received | Awaiting Analysis | Vulnerability Status | updated |
2022-12-21 07:03:14 | 2022-12-20T15:15:11 | CVE Modified Date | updated | |
2022-12-21 07:03:16 | Weakness Enumeration | new | ||
2022-12-21 07:03:18 | An unauthorized user could use a specially crafted sequence of Ethernet/IP messages, combined with heavy traffic load to cause a denial-of-service condition resulting in a denial-of-service condition. If the target device becomes unavailable, a user would have to clear the fault and redownload the user project file to bring the device back online and continue normal operation. | An unauthorized user could use a specially crafted sequence of Ethernet/IP messages, combined with heavy traffic loading to cause a denial-of-service condition in Rockwell Automation Logix controllers resulting in a major non-recoverable fault. If the target device becomes unavailable, a user would have to clear the fault and redownload the user project file to bring the device back online and continue normal operation. | Description | updated |
2022-12-22 12:20:02 | Awaiting Analysis | Undergoing Analysis | Vulnerability Status | updated |
2022-12-27 19:14:50 | 2022-12-27T18:59:02 | CVE Modified Date | updated | |
2022-12-27 19:14:50 | Undergoing Analysis | Analyzed | Vulnerability Status | updated |
2022-12-27 19:14:52 | Weakness Enumeration | update | ||
2022-12-27 19:14:54 | CPE Information | updated |